Multiple vulnerabilities in Adobe Experience Manager

1) Stored cross-site scripting

EUVDB-ID: #VU101514

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52836

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Stored cross-site scripting

EUVDB-ID: #VU101522

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52844

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Stored cross-site scripting

EUVDB-ID: #VU101521

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52843

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Stored cross-site scripting

EUVDB-ID: #VU101520

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52842

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Stored cross-site scripting

EUVDB-ID: #VU101519

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52841

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Stored cross-site scripting

EUVDB-ID: #VU101518

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52840

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Stored cross-site scripting

EUVDB-ID: #VU101517

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52839

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Stored cross-site scripting

EUVDB-ID: #VU101516

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52838

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Stored cross-site scripting

EUVDB-ID: #VU101515

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52837

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Stored cross-site scripting

EUVDB-ID: #VU101513

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52835

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Stored cross-site scripting

EUVDB-ID: #VU101524

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52846

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Stored cross-site scripting

EUVDB-ID: #VU101512

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52834

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Stored cross-site scripting

EUVDB-ID: #VU101511

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52832

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Input validation error

EUVDB-ID: #VU101544

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52831

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to bypass implemented security restrictions

The vulnerability exists due to insufficient validation of user-supplied input. A remote user trick the victim into clicking on a specially crafted URL and bypass implemented security restrictions.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Stored cross-site scripting

EUVDB-ID: #VU101510

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52830

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Stored cross-site scripting

EUVDB-ID: #VU101509

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52829

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Stored cross-site scripting

EUVDB-ID: #VU101508

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52828

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Stored cross-site scripting

EUVDB-ID: #VU101507

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52827

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Stored cross-site scripting

EUVDB-ID: #VU101506

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52826

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Stored cross-site scripting

EUVDB-ID: #VU101505

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52825

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Stored cross-site scripting

EUVDB-ID: #VU101523

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52845

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Stored cross-site scripting

EUVDB-ID: #VU101525

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52847

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Stored cross-site scripting

EUVDB-ID: #VU101503

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52823

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Stored cross-site scripting

EUVDB-ID: #VU101537

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52860

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper access control

EUVDB-ID: #VU101549

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43731

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to improper access restrictions. A remote user can bypass implemented security restrictions and perform changes to the application.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper access control

EUVDB-ID: #VU101548

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43717

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to improper access restrictions. A remote user can bypass implemented security restrictions and gain access to sensitive information.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper access control

EUVDB-ID: #VU101547

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43716

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to improper access restrictions. A remote user can bypass implemented security restrictions and gain access to sensitive information.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Input validation error

EUVDB-ID: #VU101545

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43755

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to bypass implemented security restrictions

The vulnerability exists due to insufficient validation of user-supplied input. A remote user trick the victim into clicking on a specially crafted URL and bypass implemented security restrictions.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Stored cross-site scripting

EUVDB-ID: #VU101541

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52865

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Stored cross-site scripting

EUVDB-ID: #VU101540

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52864

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Stored cross-site scripting

EUVDB-ID: #VU101539

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52862

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Stored cross-site scripting

EUVDB-ID: #VU101538

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52861

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Stored cross-site scripting

EUVDB-ID: #VU101536

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52859

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Stored cross-site scripting

EUVDB-ID: #VU101526

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52848

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Stored cross-site scripting

EUVDB-ID: #VU101535

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52858

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Stored cross-site scripting

EUVDB-ID: #VU101534

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52857

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Stored cross-site scripting

EUVDB-ID: #VU101533

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52855

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Stored cross-site scripting

EUVDB-ID: #VU101532

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52854

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Stored cross-site scripting

EUVDB-ID: #VU101531

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52853

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Stored cross-site scripting

EUVDB-ID: #VU101530

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52852

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Stored cross-site scripting

EUVDB-ID: #VU101529

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52851

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Stored cross-site scripting

EUVDB-ID: #VU101528

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52850

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Stored cross-site scripting

EUVDB-ID: #VU101527

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52849

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Stored cross-site scripting

EUVDB-ID: #VU101504

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52824

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Stored cross-site scripting

EUVDB-ID: #VU101502

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52822

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Input validation error

EUVDB-ID: #VU101456

Risk: Medium

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-43711

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an unspecified vulnerability. A remote attacker can trick the victim into performing certain actions with the application and execute arbitrary code on the system.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Stored cross-site scripting

EUVDB-ID: #VU101468

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43723

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Stored cross-site scripting

EUVDB-ID: #VU101476

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43733

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Stored cross-site scripting

EUVDB-ID: #VU101475

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43732

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Stored cross-site scripting

EUVDB-ID: #VU101474

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43730

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Improper Authorization

EUVDB-ID: #VU101542

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-43729

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to improper authorization. A remote user can bypass implemented security restrictions and make unauthorized changes to the application.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Stored cross-site scripting

EUVDB-ID: #VU101473

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43728

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Stored cross-site scripting

EUVDB-ID: #VU101472

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43727

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Stored cross-site scripting

EUVDB-ID: #VU101471

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43726

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Stored cross-site scripting

EUVDB-ID: #VU101470

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43725

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Stored cross-site scripting

EUVDB-ID: #VU101469

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43724

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Stored cross-site scripting

EUVDB-ID: #VU101467

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43722

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Stored cross-site scripting

EUVDB-ID: #VU101478

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43735

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Stored cross-site scripting

EUVDB-ID: #VU101466

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43721

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Stored cross-site scripting

EUVDB-ID: #VU101465

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43720

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Stored cross-site scripting

EUVDB-ID: #VU101464

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43719

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Stored cross-site scripting

EUVDB-ID: #VU101463

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43718

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Stored cross-site scripting

EUVDB-ID: #VU101462

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43715

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Stored cross-site scripting

EUVDB-ID: #VU101461

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43714

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Stored cross-site scripting

EUVDB-ID: #VU101460

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43713

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Stored cross-site scripting

EUVDB-ID: #VU101459

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53960

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Stored cross-site scripting

EUVDB-ID: #VU101457

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43712

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Stored cross-site scripting

EUVDB-ID: #VU101477

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43734

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Stored cross-site scripting

EUVDB-ID: #VU101479

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43736

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Stored cross-site scripting

EUVDB-ID: #VU101501

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52818

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Stored cross-site scripting

EUVDB-ID: #VU101491

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43749

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Stored cross-site scripting

EUVDB-ID: #VU101500

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52817

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Stored cross-site scripting

EUVDB-ID: #VU101499

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52816

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Stored cross-site scripting

EUVDB-ID: #VU101498

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52993

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Stored cross-site scripting

EUVDB-ID: #VU101497

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52992

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Stored cross-site scripting

EUVDB-ID: #VU101496

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52991

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Stored cross-site scripting

EUVDB-ID: #VU101495

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43754

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Stored cross-site scripting

EUVDB-ID: #VU101494

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43752

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Stored cross-site scripting

EUVDB-ID: #VU101493

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43751

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Stored cross-site scripting

EUVDB-ID: #VU101492

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43750

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Stored cross-site scripting

EUVDB-ID: #VU101490

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43748

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Stored cross-site scripting

EUVDB-ID: #VU101480

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43737

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Stored cross-site scripting

EUVDB-ID: #VU101489

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43747

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Stored cross-site scripting

EUVDB-ID: #VU101488

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43746

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Stored cross-site scripting

EUVDB-ID: #VU101487

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43745

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Stored cross-site scripting

EUVDB-ID: #VU101486

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43744

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Stored cross-site scripting

EUVDB-ID: #VU101485

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43743

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Stored cross-site scripting

EUVDB-ID: #VU101484

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43742

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Stored cross-site scripting

EUVDB-ID: #VU101483

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43740

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Stored cross-site scripting

EUVDB-ID: #VU101482

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43739

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Stored cross-site scripting

EUVDB-ID: #VU101481

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43738

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's website.

Adobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.21.0

• cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:*

https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.